SYNOPSIS

DESCRIPTION

ldapaddent creates entries in LDAP containers from their corresponding /etc files. This operation is customized for each of the standard containers that are used in the administration of Solaris systems. The database argument
specifies the type of the data being processed. Legal values for this type are one of aliases, auto_*, bootparams, ethers, group, hosts (including IPv6 addresses), netgroup, netmasks, networks, passwd, shadow, protocols, publickey, rpc, and services.

By default, ldapaddent reads from the standard input and adds this data to the LDAP container associated with the database specified on the command line. An input file from which data can be read is specified using the -f option.

The entries will be stored in the directory based on the client's configuration, thus the client must be configured to use LDAP naming services. The location where entries are to be written can be overridden by using the -b option.

If the entry to be added exists in the directory, the command displays an error and exits, unless the -c option is used.

Although, there is a shadow database type, there is no corresponding shadow container. Both the shadow and the passwd data is stored in the people container itself. Similarly, data from networks and netmasks databases are stored in the networks container.

You must add entries from the passwd database before you attempt to add entries from the shadow database. The addition of a shadow entry that does not have a corresponding passwd entry will fail.

For better performance, the recommended order in which the databases should be loaded is as follows:

passwd database followed by shadow database

networks database followed by netmasks database

bootparams database followed by ethers database

Only the first entry of a given type that is encountered will be added to the LDAP server. The ldapaddent command skips any duplicate entries.

OPTIONS

The ldapaddent command supports the following options:

-aauthenticationMethod

Specify authentication method. The default value is what has been configured in the profile. The supported authentication methods are:

simple

sasl/CRAM-MD5

sasl/DIGEST-MD5

tls:simple

tls:sasl/CRAM-MD5

tls:sasl/DIGEST-MD5

Selecting simple causes passwords to be sent over the network in clear text. Its use is strongly discouraged. Additionally, if the client is configured with a profile which uses no authentication, that is, either the credentialLevel attribute is set to anonymous or authenticationMethod is set to none, the user must use this option to provide an authentication method.

-bbaseDN

Create entries in the baseDN directory. baseDN is not relative to the client's default search base, but rather. it is the actual location where the
entries will be created. If this parameter is not specified, the first search descriptor defined for the service or the default container will be used.

-c

Continue adding entries to the directory even after an error. Entries will not be added if the directory server is not responding or if there is an authentication problem.

-DbindDN

Create an entry which has write permission to the baseDN. When used with -d option, this entry only needs read permission.

-d

Dump the LDAP container to the standard output in the appropriate format for the given database.

-ffilename

Indicates input file to read in an /etc/ file format.

-p

Process the password field when loading password information from a file. By default, the password field is ignored because it is usually not valid, as the actual password appears in a shadow file.

-wbind_password

Password to be used for authenticating the bindDN. If this parameter is missing, the command will prompt for a password. NULL
passwords are not supported in LDAP.

When you use -wbind_password to specify the password to be used for authentication, the password is visible to other users of the system by means of the ps command, in script files or in shell history.